Comment 3 for bug 969198

Hello Alan,

As you replied and reported a bug you have stated like this.

1)Employee Group: -Can read all employee's attachment.
                                 :- Can edit and delete only those attachment which is created by him/her.

2)HR/User or Manager Group : Can able to add, read and remove attachments from any employees.

Your 2nd point which is working fine with access rights of OpenERP and currently we can stratified this kind of visibility/security in OpenERP because in OpenERP we have provided a security in three different ways as follow.

1) Groups : It gives us a object(menu) and action(button) based visibility (Either this group can seen or not).
2) Access rights : Create , read, write, delete (all access) access based on object, It means that either group can read all the record or can not read any of the record.

3) Record Rule : Which is most important, We can give visibility based on record, means by using record rules we can set security like groups can see only particular record. If you have created a record rule then you can seen only those record which will satisfied this domain. So also by using record rule we can not set a access right on particular record.

As per your requirement you need a particular rights on your particular record. Above all three option will not solve your issue.

This issue doesn't affect only for attachment, It will apply as a generic way also we can not say this as a bug rather than it's good improvement.

We have to consider this as a feature request and implement this type of security in feature which will solve many this type of issues. That's why I am considering this as a wishlist and as a generic way assign to the sever side.

Thank you!